
Blocked the spammers what next?

My mail server was getting used by spammers; they were using it to send out Asian porn and other things such as kitchen tools. Now I configured the mail server correctly to not send out any e-mail unless the user is local and belongs to the network. I then configured the router to deny this person's IP address, which is 211.194.117.177, but I have a feeling that my server may be on a "list" somewhere as an address that will allow other spammers to send their mail. I was wondering if there was a website or anything that I could submit these addresses to, to warn other people that may be in the same boat. Also, if anyone has any ideas on how to punish the spammers, that would be cool since it's running on my personal network.

Like... say someone is using you as a relay. Well, take all the spam that they are throwing at you and throw it right back at them.... or a honeypot that will do the same thing...

Would that be against the "hack back" laws? Wonder if it'd be enough to cause a DoS...

What about setting up your firewall to only accept traffic that you want, and deny the rest?
You are on Linux, right? iptables work wonders.

Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

damn... and to think... I almost had a summer programming project... fux0red again


OK phishphreek80

You may be able to have a project Dude!

Looks like the x.x.x.177 hasn't made it yet, but as you all can see, this group of IPs is KNOWN as probing "massively" for open SMTP ports. Say this with an Irish Impact for effect, "I fargin HATE spammers"

Ref: SBL7674

211.194.117.160/27 is listed on the Spamhaus Block List (SBL)

Mar 20 2003 - 16:8hrs GMT

Port 25 prober
Massive number of probes looking for open mail servers.

Wow, that's interesting, RoadClosed. Some good info, phishphreek80. I was thinking about the same thing: it would be nice if the spammer had his own mail server up, I would route the traffic right back to him/her, but at the stack of them clogging up my network it isn't worth it because they send messages out like crazy. I guess just blocking them is the best I can do. Maybe shut the mail server down.

July

I am sure it hasn't happened but since your mail server, or anyone else, has been used as an Open Relay, you could find yourself on a couple of black lists. It's important to know them, so you can fix an accidental black listing of your business. Also for security reasons, you can set your system to block these guys. Here are some steps to get you started and on the path to mail redemption:

1. Look at messages returned to you and see if you have anything that says "Reject" and then followed by a URL address. These are the people who decided your accidental open relay was spamming.

2. There is an open relay database on the net to check and verify open relays. If you're curious or believe someone is an open server, check this. ORDB

3. This is a black list search engine, sort of. They try and keep tabs on black lists. Check them out.

4. Last resort: post a message in news.admin.net-abuse with your case.

Final Note: Before anyone will remove you, make sure you are not an open relay or a proxy mail list generator etc. So make sure your mail server and web cachers are fixed and plugged.

I'll post this in a more professional manner in the tuts if there isn't one.

West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.

1. Start reading news.admin.net-abuse.email on Usenet. You can read and post from Google via: http://groups.google.com/groups?hl=e...et-abuse.email
You can get a lot of information and help from the regulars on NANAE. Remember, this is Usenet, not everyone is nice and you can get flamed pretty bad if you don't follow the posting rules.

2. Check sites like spamcop, spews etc....They have lots of info about setting up block lists in mail servers.

3. If you are in some blocklists, find out which ones by checking the lists yourself. You will find links to those on www.spews.org etc....
Most of the block lists that deal with open mail relays have an option for testing the relay. You can check your progress yourself by testing your own server via these sites. Once you are no longer open and have run the test, most of the time you will get removed from the block list. You can also contact the admin of the blocklist / test site and see if they can speed up the process for you.

4. Once you have closed your open relay and have tested it, then post on NANAE. This way, you minimize the possible flaming that could occur. If you are honest and open with the users on NANAE, they will be a great resource for you.

5. There is also a NANAE type group called sightings. (Check Google.) This is a place where users / admins have posted the spam that they have received. There is a process that must be followed for it to be accepted in sightings, but the FAQ explains it all. This group becomes a record for others to be able to check host domains and ISPs to see if they are spam friendly.
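
Added example, not part of any post in this thread: a small Python checker for the "find out which lists you are on" step. It tests an address against a listed CIDR range and builds the standard reversed-octet DNSBL query. The zone names and the stand-in resolver are constructed so it runs offline; real zone names come from each list operator's documentation.

```python
import ipaddress
import socket

LISTED_RANGE = "211.194.117.160/27"  # SBL7674 range quoted in the thread
BLOCKED_IP = "211.194.117.177"       # address the original poster blocked
# Some lists (Spamhaus among them) answer in this range to signal a query error
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def range_covers(ip, cidr):
    """True if ip falls inside the listed CIDR block."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to 'listed:<code>', 'clean' or 'error:<code>'."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:
            # No A record means not listed (gaierror also covers resolver failures)
            results[zone] = "clean"
            continue
        addr = ipaddress.ip_address(answer)
        if addr in ERROR_NET:
            results[zone] = "error:" + answer   # query refused, not a listing
        elif addr in ipaddress.ip_network("127.0.0.0/8"):
            results[zone] = "listed:" + answer  # return code identifies the list
        else:
            results[zone] = "error:" + answer   # wildcard or hijacked DNS answer
    return results

# Constructed stand-in resolver; the zone names are hypothetical.
FAKE_DNS = {
    "177.117.194.211.bl.example.net": "127.0.0.2",
    "177.117.194.211.refused.example.net": "127.255.255.254",
}

def fake_resolve(name):
    if name in FAKE_DNS:
        return FAKE_DNS[name]
    raise socket.gaierror("NXDOMAIN (constructed)")

if __name__ == "__main__":
    print(range_covers(BLOCKED_IP, LISTED_RANGE))
    zones = ["bl.example.net", "refused.example.net", "other.example.net"]
    print(check_dnsbl(BLOCKED_IP, zones, resolve=fake_resolve))
```

To check your own mail server, pass its public IP and leave `resolve` at its default; an `error:` result means the answer cannot be trusted either way, for example because the query went through a resolver the list refuses to serve.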